PoC Code Published for Critical NGINX Vulnerability
Introduced in 2008, the critical-severity security defect was patched this week in NGINX Plus and NGINX open source. The post PoC Code Published for Critical NGINX Vulnerability appeared first on SecurityWeek.
Technical details and proof-of-concept (PoC) exploit code targeting a newly patched critical-severity vulnerability in NGINX are now available.
Tracked as CVE-2026-42945 (CVSS score of 9.2), the issue was patched in the widely used web server this week as part of F5’s latest quarterly patch release, 16 years after it was introduced.
The bug is described as a heap buffer overflow in the ngx_http_rewrite_module component that could be exploited to trigger a restart, creating a denial-of-service (DoS) condition.
Source: https://www.securityweek.com/poc-code-published-for-critical-nginx-vulnerability/
Related breach coverage
- Exploitation of Critical NGINX Vulnerability Begins2026-05-18
The flaw leads to denial-of-service on default configurations and to remote code execution if ASLR is disabled. The post Exploitation of Critical NGINX Vulnerability Begins appeared first on SecurityWeek.
- High-Severity Vulnerability Patched in VMware Fusion2026-05-14
The patch was announced as Broadcom is attending the Pwn2Own hacking competition in Berlin this week. The post High-Severity Vulnerability Patched in VMware Fusion appeared first on SecurityWeek.
- Mythos Proves Potent in Vulnerability Discovery, Less Convincing Elsewhere2026-05-14
Independent benchmarking finds Mythos highly effective for source code audits, reverse engineering, and native-code analysis, though its exploit validation and reasoning capabilities remain inconsistent. The post Mythos Proves Potent in Vulnerability Discovery, Less Convincing Elsewhere appeared first on SecurityWeek.
- First Shai-Hulud Worm Clones Emerge2026-05-18
At least one threat actor has adopted the recently released malware source code in attacks against NPM developers. The post First Shai-Hulud Worm Clones Emerge appeared first on SecurityWeek.